DOCS-KMIP-updates (#337)

initial commit, fixes to code presentation

- Updates to kmip with fixes to how we present code (website looks
better now!)
- Updates set-principal-key with similar fixes
- Updated keyring.md with similar fixes

And updated functions for two parameters with updates from 1506

Author: Andriciuc

contrib/pg_tde/documentation/docs/functions.md

@@ -106,15 +106,43 @@ The KMIP provider uses a remote KMIP server.
 Use these functions to add a KMIP provider:
 
 ```sql
-SELECT pg_tde_add_database_key_provider_kmip('provider-name','kmip-addr', `port`, '/path_to/server_certificate.pem', '/path_to/client_cert.pem', '/path_to/client_key.pem');
-SELECT pg_tde_add_global_key_provider_kmip('provider-name','kmip-addr', `port`, '/path_to/server_certificate.pem', '/path_to/client_cert.pem', '/path_to/client_key.pem');
+SELECT pg_tde_add_database_key_provider_kmip(
+  'provider-name',
+  'kmip-addr', 
+  `port`, 
+  '/path_to/server_certificate.pem', 
+  '/path_to/client_cert.pem', 
+  '/path_to/client_key.pem'
+);
+SELECT pg_tde_add_global_key_provider_kmip(
+  'provider-name',
+  'kmip-addr', 
+  `port`, 
+  '/path_to/server_certificate.pem', 
+  '/path_to/client_certificate.pem', 
+  '/path_to/client_key.pem'
+);
 ```
 
 These functions change the KMIP provider:
 
 ```sql
-SELECT pg_tde_change_database_key_provider_kmip('provider-name','kmip-addr', `port`, '/path_to/server_certificate.pem', '/path_to/client_cert.pem', '/path_to/client_key.pem');
-SELECT pg_tde_change_global_key_provider_kmip('provider-name','kmip-addr', `port`, '/path_to/server_certificate.pem', '/path_to/client_cert.pem', '/path_to/client_key.pem');
+SELECT pg_tde_change_database_key_provider_kmip(
+  'provider-name',
+  'kmip-addr', 
+  `port`, 
+  '/path_to/server_certificate.pem', 
+  '/path_to/client_cert.pem', 
+  '/path_to/client_key.pem'
+);
+SELECT pg_tde_change_global_key_provider_kmip(
+  'provider-name',
+  'kmip-addr', 
+  `port`, 
+  '/path_to/server_certificate.pem', 
+  '/path_to/client_certificate.pem', 
+  '/path_to/client_key.pem'
+);
 ```
 
 where:
@@ -124,7 +152,7 @@ where:
 * `port` is the port to communicate with the KMIP server.
   Most KMIP servers use port 5696.
 * `server-certificate` is the path to the certificate file for the KMIP server.
-* `client-cert` is the path to the client certificate.
+* `client-certificate` is the path to the client certificate.
 * `client-key` is the path to the client key.
 
 The specified access parameters require permission to read and write keys at the server.

contrib/pg_tde/documentation/docs/global-key-provider-configuration/keyring.md

@@ -3,23 +3,22 @@
 This setup is intended for development and stores the keys unencrypted in the specified data file. See [how to use external reference to parameters](../how-to/external-parameters.md) to add an extra security layer to your setup.
 
 !!! note
-
      While keyfiles may be acceptable for **local** or **testing environments**, KMS integration is the recommended approach for production deployments.
 
 ```sql
-    SELECT pg_tde_add_global_key_provider_file(
-        'provider-name',
-        '/path/to/the/keyring/data.file'
-    );
+SELECT pg_tde_add_global_key_provider_file(
+    'provider-name',
+    '/path/to/the/keyring/data.file'
+);
 ```
 
 The following example is used for testing purposes only:
 
 ```sql
-    SELECT pg_tde_add_global_key_provider_file(
-        'file-keyring',
-        '/tmp/pg_tde_test_local_keyring.per'
-    );
+SELECT pg_tde_add_global_key_provider_file(
+    'file-keyring',
+    '/tmp/pg_tde_test_local_keyring.per'
+);
 ```
 
 ## Next steps

contrib/pg_tde/documentation/docs/global-key-provider-configuration/kmip-server.md

@@ -3,7 +3,6 @@
 To use a Key Management Interoperability Protocol (KMIP) server with `pg_tde`, you must configure it as a global key provider. This setup enables `pg_tde` to securely fetch and manage encryption keys from a centralized key management appliance.
 
 !!! note
-
     You need the root certificate of the KMIP server and a client key/certificate pair with permissions to create and read keys on the server.
 
 It is recommended to review the [configuration guidelines for the HashiCorp Vault Enterprise KMIP Secrets Engine](https://developer.hashicorp.com/vault/tutorials/enterprise/kmip-engine) if you're using Vault.
@@ -12,16 +11,16 @@ For testing purposes, you can use a lightweight PyKMIP server, which enables eas
 
 ## Example usage
 
-    ```sql
-    SELECT pg_tde_add_global_key_provider_kmip(
-        'provider-name',
-        'kmip-IP', 
-        5696,
-        '/path_to/server_certificate.pem', 
-        '/path_to/client_cert.pem',
-        '/path_to/client_key.pem'
-    );
-    ```
+```sql
+SELECT pg_tde_add_global_key_provider_kmip(
+    'provider-name',
+    'kmip-IP', 
+    5696,
+    '/path_to/server_certificate.pem', 
+    '/path_to/client_cert.pem',
+    '/path_to/client_key.pem'
+);
+```
 
 ## Parameter descriptions
 
@@ -36,15 +35,15 @@ For testing purposes, you can use a lightweight PyKMIP server, which enables eas
 
 The following example is for testing purposes only.
 
-    ```sql
-    SELECT pg_tde_add_global_key_provider_kmip(
-        'kmip','127.0.0.1', 
-        5696, 
-        '/tmp/server_certificate.pem', 
-        '/tmp/client_cert_jane_doe.pem',
-        '/tmp/client_key_jane_doe.pem'
-    );
-    ```
+```sql
+SELECT pg_tde_add_global_key_provider_kmip(
+    'kmip','127.0.0.1', 
+    5696, 
+    '/tmp/server_certificate.pem', 
+    '/tmp/client_cert_jane_doe.pem',
+    '/tmp/client_key_jane_doe.pem'
+);
+```
 
 For more information on related functions, see the link below:
 

contrib/pg_tde/documentation/docs/global-key-provider-configuration/set-principal-key.md

@@ -7,11 +7,11 @@ You can configure a default principal key using a global key provider. This key
 Run the following command:
 
 ```sql
-    SELECT pg_tde_set_default_key_using_global_key_provider(
-        'name-of-the-key',
-        'provider-name',
-        'ensure_new_key'
-    );
+SELECT pg_tde_set_default_key_using_global_key_provider(
+    'name-of-the-key',
+    'provider-name',
+    'ensure_new_key'
+);
 ```
 
 ## Parameter description
@@ -23,12 +23,15 @@ Run the following command:
 This example is for testing purposes only. Replace the key name and provider name with your values:
 
 ```sql
-        SELECT pg_tde_set_key_using_global_key_provider('test-db-master-key','file-vault','ensure_new_key');
+SELECT pg_tde_set_key_using_global_key_provider(
+    'test-db-master-key',
+    'file-vault',
+    'ensure_new_key'
+);
 ```
 
 !!! note
-
-        The key is auto-generated.
+    The key is auto-generated.
 
 After this, all databases that do not have something else configured will use this newly generated principal key.
 

contrib/pg_tde/documentation/docs/global-key-provider-configuration/vault.md

@@ -3,19 +3,18 @@
 You can configure `pg_tde` to use HashiCorp Vault as a global key provider for managing encryption keys securely.
 
 !!! note
-
     This guide assumes that your Vault server is already set up and accessible. Vault configuration is outside the scope of this document, see [Vault's official documentation](https://developer.hashicorp.com/vault/docs) for more information.
 
 ## Example usage
 
 ```sql
-    SELECT pg_tde_add_global_key_provider_vault_v2(
-        'provider-name',
-        'secret_token',
-        'url',
-        'mount',
-        'ca_path'
-    );
+SELECT pg_tde_add_global_key_provider_vault_v2(
+    'provider-name',
+    'secret_token',
+    'url',
+    'mount',
+    'ca_path'
+);
 ```
 
 ## Parameter descriptions
@@ -29,13 +28,13 @@ You can configure `pg_tde` to use HashiCorp Vault as a global key provider for m
 The following example is for testing purposes only. Use secure tokens and proper SSL validation in production environments:
 
 ```sql
-    SELECT pg_tde_add_global_key_provider_vault_v2(
-        'my-vault',
-        'hvs.zPuyktykA...example...ewUEnIRVaKoBzs2',
-        'http://vault.vault.svc.cluster.local:8200',
-        'secret/data',
-        NULL
-    );
+SELECT pg_tde_add_global_key_provider_vault_v2(
+    'my-vault',
+    'hvs.zPuyktykA...example...ewUEnIRVaKoBzs2',
+    'http://vault.vault.svc.cluster.local:8200',
+    'secret/data',
+    NULL
+);
 ```
 
 For more information on related functions, see the link below: